Commit df35d772 authored by Stan Hu's avatar Stan Hu

Merge branch '65974-rate-limiter-should-return-429' into 'master'

Return `429` instead of `302` on Rate Limiter on the raw endpoint

See merge request gitlab-org/gitlab-ce!31777
parents bd759eeb b6c51f57
...@@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController ...@@ -26,7 +26,7 @@ class Projects::RawController < Projects::ApplicationController
limiter.log_request(request, :raw_blob_request_limit, current_user) limiter.log_request(request, :raw_blob_request_limit, current_user)
flash[:alert] = _('You cannot access the raw file. Please wait a minute.') flash[:alert] = _('You cannot access the raw file. Please wait a minute.')
redirect_to project_blob_path(@project, File.join(@ref, @path)) redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests
end end
def raw_blob_request_limit def raw_blob_request_limit
......
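Review bot: The 429 built by `redirect_to project_blob_path(@project, File.join(@ref, @path)), status: :too_many_requests` carries no `Retry-After` header, so a script or CI job hitting the raw endpoint gets no machine-readable hint about how long to back off. Consider adding `response.set_header('Retry-After', '60')` before the redirect; the 60 is only inferred from the "wait a minute" message and should come from the limiter's configured window. Browsers do not follow `Location` on a non-3xx status, so the user lands on the redirect stub and sees the flash only after clicking through. A short comment would help, for example `# 429 + Location: automated clients get the status, browsers get a manual link to the blob page`. The enclosing action starts above this hunk, so how it is reached could not be checked from here.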
...@@ -60,7 +60,7 @@ describe Projects::RawController do ...@@ -60,7 +60,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path) execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.') expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, file_path)) expect(response).to have_gitlab_http_status(429)
end end
it 'logs the event on auth.log' do it 'logs the event on auth.log' do
...@@ -92,7 +92,7 @@ describe Projects::RawController do ...@@ -92,7 +92,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 3, project: project, file_path: modified_path) execute_raw_requests(requests: 3, project: project, file_path: modified_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.') expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, modified_path)) expect(response).to have_gitlab_http_status(429)
end end
end end
...@@ -120,7 +120,7 @@ describe Projects::RawController do ...@@ -120,7 +120,7 @@ describe Projects::RawController do
execute_raw_requests(requests: 6, project: project, file_path: file_path) execute_raw_requests(requests: 6, project: project, file_path: file_path)
expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.') expect(flash[:alert]).to eq('You cannot access the raw file. Please wait a minute.')
expect(response).to redirect_to(project_blob_path(project, file_path)) expect(response).to have_gitlab_http_status(429)
# Accessing upcase version of readme # Accessing upcase version of readme
file_path = "#{commit_sha}/README.md" file_path = "#{commit_sha}/README.md"
......
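Review bot: The three updated examples (the two `requests: 6` cases and the `requests: 3` case) now assert only `have_gitlab_http_status(429)`, so nothing checks the `Location` header that the controller still sends through `redirect_to`. A regression that pointed the header at a different path, or dropped it, would pass unnoticed. Keeping a target check next to the status check would cover this, for example `expect(response.headers['Location']).to end_with(project_blob_path(project, file_path))`, with `modified_path` in the second example. The surrounding `describe` and `context` blocks start and end outside the visible hunks.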
# frozen_string_literal: true
require 'spec_helper'
describe 'Projects > Raw > User interacts with raw endpoint' do
include RepoHelpers
let(:user) { create(:user) }
let(:project) { create(:project, :repository, :public) }
let(:file_path) { 'master/README.md' }
before do
stub_application_setting(raw_blob_request_limit: 3)
project.add_developer(user)
create_file_in_repo(project, 'master', 'master', 'README.md', 'readme content')
sign_in(user)
end
context 'when user access a raw file' do
it 'renders the page successfully' do
visit project_raw_url(project, file_path)
expect(source).to eq('') # Body is filled in by gitlab-workhorse
end
end
context 'when user goes over the rate requests limit' do
it 'returns too many requests' do
4.times do
visit project_raw_url(project, file_path)
end
expect(source).to have_content('You are being redirected')
click_link('redirected')
expect(page).to have_content('You cannot access the raw file. Please wait a minute.')
end
end
end
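Review bot: The example `'returns too many requests'` never asserts the status code. It only checks that the body contains "You are being redirected" and that the flash appears after clicking the link, so the behaviour this commit introduces is not pinned at the feature level. Adding `expect(page.status_code).to eq(429)` right after the `4.times` loop would cover it, assuming the spec runs on a driver that exposes `status_code`, such as rack_test. The loop count depends on `raw_blob_request_limit: 3` from the `before` block, so `4.times` is clearer written relative to a shared `let`. A comment before `click_link` would explain the manual step, for example `# a 429 is not followed automatically, so follow the link to reach the flash message`.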